Help Center/Account & Security/Rotating API keys

Account & Security

Rotating API keys

How to rotate your API keys without downtime.


Why rotate keys?

Regular key rotation limits the blast radius if a key is ever leaked. We recommend rotating keys every 90 days, or immediately if you suspect a compromise.

Steps to rotate without downtime

  1. Go to Dashboard → API Keys
  2. Click Create new key — give it a name like "Production v2"
  3. Copy the new key and update it in your application/plugin configuration
  4. Verify your application is working with the new key
  5. Go back to API Keys and revoke the old key
Tip: Keep both keys active during the transition period. Predax allows multiple active keys per account.

Revoking a compromised key

If a key has been exposed (e.g., committed to a public repo):

  1. Go to API Keys immediately
  2. Click Revoke on the compromised key
  3. Create a new key
  4. Update all services using the old key
  5. Check your Audit Log for any suspicious activity